Side-Channel Cryptanalysis Lecture notes and suggested reading

Most cryptosystems are designed and evaluated at a mathematical level. Attackers, however, will always target the physical realisation of a system which is much more complicated (see [14] for discussion of this disconnect). Real-world electronic implementations of ciphers will usually leak additional information to attackers in the form of side-channels such as timing, power consumption, electromagnetic radiation, heat, noise, and more. In many cases, an attacker can combine side-channel information with the observed input and/or output of a cryptographic algorithm to recover secret information. It is important to draw a distinction between side-channel cryptanalysis and related physical attacks. Compromising Emanation attacks or tempest attacks utilise electromagnetic emanations from computers to recover secret data, for example using electromagnetic radiation from a computer screen to recover the text being displayed [11] (for a survey, see chapter 17 of [1]). Tempest attacks target secret information directly, completely bypassing the cryptographic keys. Invasive or semi-invasive attacks, in contrast, involve physical manipulation of a target system to extract secret information, for example by unpackaging a chip and reading secret data stored in its memory using a micro-probe or a microscope (see [4, 2] for a survey of physical attacks and defences). In contrast, side-channel attack present a unique challenge in that an attacker gains some additional information which the cryptographic designers did not anticipate, but is usually only weakly correlated to secret data. Recovering the secret data thus requires a combination of side-channel data collection, statistical processing to eliminate noise, and cryptanalysis to deduce secret keys. Side-channel attacks can be very powerful, however, in that they can completely compromise real systems without physical access. This presentation will overview the wide variety of side channel attacks in the existing literature and discuss the details of several speci c attacks as case studies: